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IN THE CLAIMS: 
i 1-5 (Cancelled) 



1 6. (Currently Amended) A method for creating and maintaining a plurality of virtual serv- 

2 ers within a server, the method comprising the steps of: 

3 partitioning resources of the server to establish an instance of each virtual server 

4 by allocating units of storage and network addresses of network interfaces of the server to 

5 each instance of the virtual server, and sharing an operating system and a file system of 

6 the server among all of the virtual servers; 

7 enabling controlled access to the resources using logical boundary checks and se- 

8 curity interpretations of those resources within the serve r by comparing configuration in- 

9 formation of a unit of storage requested by a particular vserver with the resources allo- 

10 cated to that particular vserver ; and 



n 

12 



2 



providing a vfikf- virtual server context structure including information pertain- 
ing to a security domain of the vfitervirtual server . 



i 7. (Currently Amended) The method of Claim 6 wherein the step of allocating comprises 



the step of providing a vfstore list of the vfitefr -virtual server context structure, the vstore 

3 list comprising pointers to vfstore soft objects, each having a pointer that references a 

4 path to a unit of storage allocated to the vfiler. 
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1 8. (Currently Amended) The method of Claim 7 wherein the step of allocating further 

2 comprises the step of providing a vfhet list of the vfile ^virtual server context structure, 

3 the vfhet list comprising pointers to vfhet soft objects, each having a pointer that refer- 

4 ences an interface address data structure representing a network address assigned to the 

5 vfikrvirtual server. 



i 9. (Currently Amended) The method of Claim 8 wherein the step of enabling further 



comprises the step of performing a vfiler -virtual server boundary check to verify that a 
vfikr -virtual server is allowed to access certain storage resources of the filer. 



1 10. (Original) The method of Claim 9 wherein the step of performing comprises the step 

2 of validating a file system identifier and qtree identifier associated with the units of stor- 

3 age. 



1 11. (Currently Amended) The method of Claim 1 0 wherein the step of performing further 

2 comprises the steps of: 

3 for each request to access a unit of storage, using the identifiers to determine 

4 whether the vfile ^virtual server is authorized to access the unit of storage; 

if the vSler -virtual server is not authorized to access the requested unit of storage, 

6 immediately denying the request; 

7 otherwise, allowing the request; and 

8 generating file system operations to process the request. 
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1 12. (Cancelled) 



1 13. (Currently Amended) A system adapted to create and maintain a plurality of virtual 

2 servers within a server, the system comprising: 

3 a_storage media configured to store information as units of storage resources, the 

4 units of storage resources allocated among each of the virtual servers; 

5 one or more network interfaces assigned one or more network address resources, 

6 the network address resources allocated among each of the virtual servers; 

7 an operating system having a file system resource adapted to perform a boundary 

8 check to verify that a request is allowed to access to certain units of storage resources on 

9 the storage media, each virtual server allowed shared access to the file system , where the 

10 boundary check is performed by comparing configuration information of a unit of storage 

11 requested by a particular vserver with the one or more units of storage resources and the 

12 one or more network address resources allocated to that particular vserver ; 

13 a context data structure provided to each virtual server, the context data structure 

14 including information pertaining to a security domain of the virtual server that enforces 

15 controlled access to the allocated and shared resources; and 

16 a processing element coupled to the network interfaces and storage media, and 

17 configured to execute the operating and file systems to thereby invoke network and stor- 

18 age access operations in accordance with results of the boundary check of the file system. 
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14. (Original) The system of Claim 13 wherein the units of storage resources are volumes 
and qtrees. 
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1 15. (Original) The system of Claim 14 further comprising a plurality of table data struc- 

2 tures accessed by the processing element to implement the boundary check, the table data 

3 structures including a first table having a plurality of first entries, each associated with a 

4 virtual server and accessed by a file system identifier (fsid) functioning as a first key into 

5 the table, each first entry of the first table denoting a virtual server that completely owns 

6 a volume identified by the fsid. 



1 16. (Original) The system of Claim 1 5 wherein the table data structures further include a 

2 second table having a plurality of second entries, each associated with a virtual server and 

3 accessed by a second key consisting of an fsid and a qtree identifier (qtreeid), each sec- 

4 ond entry of the second table denoting a virtual server that completely owns a qtree iden- 

5 tified by the fsid and qtreeid. 



1 1 7. (Original) The system of Claim 1 6 wherein the server is a filer and wherein the vir- 

2 tual servers are virtual filers. 



l 18. -19. (Cancelled) 



i 20. (Currently Amended) Apparatus adapted to create and maintain a plurality of virtual 
filers -servers (vfiler svservers) within a filerserver, the apparatus comprising: 

means for allocating dedicated resources of the fiie^server t o each vfUervserver; 
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4 means for sharing common resources of the file ^server among all of the vfil e rs - 

5 vservers ; and 

6 means for enabling controlled access to the dedicated and shared resources using 

7 logical boundary checks and security interpretations of those resources within the server 

8 and for providing a vfiler-vserver context structure including information pertaining to a 

9 security domain of the vfilervserve n where the logical boundary checks are performed by 

10 comparing configuration information of a unit of storage requested by a particular vserver 
n with the dedicated resources allocated to that particular vserver . 



i 21. -22. (Cancelled) 



i 23. (Currently Amended) A computer readable medium containing executable program 



9 
10 

n 

12 



instructions for creating and maintaining a plurality of virtual fil e rs servers ( vfil e rs 
vservers) within a filer, the executable program instructions comprising program instruc- 



4 tions for: 

allocating dedicated resources of the flle rserver t o each vfilervserver; 
sharing common resources of the flie^server among all of the vfileF Svservers ; and 
enabling access to the dedicated and shared resources using logical boundary 



8 checks and security interpretations of those resources within the server and providing a 



vfiler -vserver context structure including information pertaining to a security domain of 
the vfile Fvserver, where the logical boundary checks are performed by comparing con- 
figuration information of a unit of storage requested by a particular vserver with the dedi- 
cated resources allocated to that particular vserver . 
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1 24.-25. (Cancelled) 

1 26. (Currently Amended) A method for creating and maintaining a plurality of virtual 

2 servers within a server, the method comprising the steps of: 

3 allocatin g resources to each instance of the virtual servers of the plurality of serv- 

4 ers, the resources including units of storage and network addresses of network interfaces 

5 of the server to each instance of the virtual server; 

6 using boundary checks to access resources allocated to the virtual servers, where a 

7 particular virtual server is limited by the boundary check to only access the resources as- 

8 signed to that particular virtual serve r, where the logical boundary checks are performed 

9 by comparing configuration information of a unit of storage requested by a particular 

10 vserver with the resources allocated to that particular vserver . 

1 27. (Currently Amended) An apparatus adapted to create and maintain a plurality of vir- 

2 tual servers within a server, comprising: 

3 means for allocatin g resources to each instance of the virtual servers of the plural- 

4 ity of servers, the resources including units of storage and network addresses of network 
s interfaces of the server to each instance of the virtual server; 

6 means for using boundary checks to access resources allocated to the virtual serv- 

7 ers, where a particular virtual server is limited by the boundary check to only access the 
g resources assigned to that particular virtual serve r, where the logical boundary checks are 
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performed by comparing configuration information of a unit of storage requested bv a 
particular vserver with the resources allocated to that particular vserver . 

28. (Currently Amended) A system adapted to create and maintain a plurality of virtual 
servers within a server, the system comprising: 

a storage media configured to allocate resources to each of the virtual servers of 
the plurality of servers, the resources including units of storage and network addresses of 
network interfaces of the server to each instance of the virtual server network interfaces 
assigned one or more network address resources, the network address resources allocated 
among each of the virtual servers; 

an operating system adapted to perform a boundary check to verify access to re- 
sources allocated to the virtual servers, where a particular virtual server is limited by the 
boundary check to only access the resources assigned to that particular virtual server^ 
where the logical boundary checks are performed by comparing configuration informa- 
tion of a unit of storage requested by a particular vserver with the resources allocated to 
that particular vserver . 
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Please add new claims 29 et al 

1 29. (New) A method for creating and maintaining one or more virtual servers within a 

2 server, comprising: 

3 allocating resources to a first virtual server of the one or more virtual servers, 

4 where the resources include one or more units of storage and at least one network address 

5 of one or more network interfaces of the server to a first virtual server of the one or more 

6 virtual servers; 

7 requesting a first unit of storage of the one or more units of storage by a first vir- 

8 tual server; and 

9 using a boundary check to access the first unit of storage by comparing configura- 

10 tion information of the first unit of storage with resources allocated to the first virtual 
n server. 

1 30. (New) The method of claim 29, wherein the configuration information is an inode 

2 from a requested file. 
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